3
s & Page 3 DI Christian Ploninger Interception: An unauthorized party (a person, a program, or a computer) gains access to the communication. This is an attack on confidentiality. Interruption: An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability. Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. Fabrication: An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. Interruption Interception Modification Fabrication Angriffskonzepte [Stallings, 1995]: Network and Internetwork Security: Principals and Practice. Prentice Hall International, ISBN

5
s & Page 5 DI Christian Ploninger Passive Angriffe Passive attacks are based on interception. This attack type aims at message confidentiality. Release of Message Contents (Eavesdropping): An attacker may read messages while they are in transfer. Eavesdropping on data transmission could result in the disclosure of sensitive information such as passwords, data, and procedures for performing functions, etc. Traffic analysis: Traffic analysis is a form of passive attack in which an intruder observes data being transmitted. An attacker may make inferences of information from observation and analysis of the presence, absence, amount, direction, and frequency of the traffic flow. Passive attacks are difficult to detect since they do not involve any alteration of data. The emphasis is on prevention rather than detection. [2382-pt.8] ISO/IEC , Information Technology - Vocabulary: Control, integrity, and security, 1998

6
s & Page 6 DI Christian Ploninger Aktive Angriffe Masquerading (Spoofing): In such attacks, a person (or machine) impersonates someone else to gain access to a resource. Replay Attack: Often attacks are based on re-sending packets, or streams of packets, that have already been accepted by a recipient. The fact that it is not necessary to understood the received packets makes this attack quite dangerous. Tampering (Packet Alteration): Instead of spoofing an identity, an attacker may choose to use a valid connection for his or her needs by altering the message content. Denial of Service (DoS): DoS attacks aim to prevent access to network resources. Typical attacks involve flooding the network with traffic.

10
s & Page 10 DI Christian Ploninger Denial of Service (DoS): Especially in wireless communication it seems that there is no counter measurement against DoS attacks. Attackers easily can send noise traffic on the used radio frequencies making communication impossible. Tampering (Packet Alteration): After the successful authentication of a valid user, an attacker may modify the transmitted data. This can be countered by the cryptographically binding of authentication and data transmission phase. Ordinary this is achieved by deriving session keys for the data transfer phase. Countering Active Attacks

11
s & Page 11 DI Christian Ploninger Replay Attacks: Cryptographic keys have to change frequently to protect against unauthorized key reuse (key freshness). Additionally challenge-response-protocols can be used to prevent from packet reuse. Masquerading (Spoofing): Appropriate counter measurements against spoofing are: pre-shared secrets, challenge-response protocols. Pre-shared secrets: The identity of a communication party can only be verified, if the party is known a-priori. Challenge-Response-Protocols: The party’s identity has to be proofed without the transmission of the party‘s secret. Countering Active Attacks (Cont.)